Test ID:	1.3.6.1.4.1.25623.1.1.10.2021.0300
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2021-0300)
Summary:	The remote host is missing an update for the 'nettle' package(s) announced via the MGASA-2021-0300 advisory.
Description:	Summary: The remote host is missing an update for the 'nettle' package(s) announced via the MGASA-2021-0300 advisory. Vulnerability Insight: Remote crash in RSA decryption via manipulated ciphertext (CVE-2021-3580). A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GHOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation (CVE-2021-20305). The Mageia 8 nettle package has been updated to version 3.7.3 and the Mageia 7 nettle package has been patched to fix these issues. Affected Software/OS: 'nettle' package(s) on Mageia 7, Mageia 8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-20305 Debian Security Information: DSA-4933 (Google Search) https://www.debian.org/security/2021/dsa-4933 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/ https://security.gentoo.org/glsa/202105-31 https://bugzilla.redhat.com/show_bug.cgi?id=1942533 https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2021-3580 https://security.gentoo.org/glsa/202401-24 https://bugzilla.redhat.com/show_bug.cgi?id=1967983
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.